Outline

The DTS security implementation uses the previously listed technology stacks as follows:

A certificate authority signs a root certificate (CTRL CERT) for the DTS Controller module. This certificate contains the Controller's public key (CTRL PUB KEY) and is accompanied by its complementary private key (CTRL PRIV KEY).

Note: Each DTS deployment can generate and maintain its own certificate authority. Alternatively, a third-party CA can be used.

Each connected component then receives a component certificate (COMP CERT) signed using CTRL CERT, together with two RSA keys: the Controller's public key (CTRL PUB KEY) and the private key complementary to the component certificate (COMP PRIV KEY).

When the component registers with the Controller, it presents its COMP CERT, which the Controller verifies against CTRL CERT. Possession of the certificates is proven by using the complementary private keys to encrypt parts of the registration request and reply.

This registration exchange also provides the registered component with the AES keys used for further communication on the initial channels. Each component, as well as the Controller, has its own main communication channel; other channels can be opened later as circumstances require. Each channel has its own AES key. The initial AES key transfer is secured using the COMP PUB/PRIV KEY pair.
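As an added illustration (not DTS code; the page does not specify the DTS wire format, signature scheme or key sizes), the following Go program walks through the certificate setup and registration flow described above using only the standard library: a CA issues CTRL CERT, the Controller issues COMP CERT, the component presents COMP CERT together with a signed nonce, and the Controller verifies the chain against CTRL CERT and the proof of possession before returning the main-channel AES key wrapped with COMP PUB KEY and signed with CTRL PRIV KEY. The function names, the use of RSA-PSS signatures as the proof of possession (the page describes it as encrypting parts of the request and reply with the private keys), RSA-OAEP for the key wrap and the 2048-bit keys are assumptions made here, not DTS specifics.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must aborts the walkthrough on any setup error so the protocol steps stay readable.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func newKey() *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, 2048)) }

// issueCert signs a certificate for pub with signer; parent == nil means self-signed (the CA root).
func issueCert(name string, pub *rsa.PublicKey, parent *x509.Certificate, signer *rsa.PrivateKey, isCA bool) (*x509.Certificate, error) {
	usage := x509.KeyUsageDigitalSignature
	if isCA {
		usage |= x509.KeyUsageCertSign
	}
	serial := must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))) // random serial, as a CA would
	tmpl := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: usage}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// sign/verify (RSA-PSS over SHA-256) are the proof of possession the page describes as encrypting parts of
// the request and reply with the private keys: each side proves it holds the key behind its certificate.
func sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
}
func verify(pub *rsa.PublicKey, msg, sig []byte) error {
	h := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil)
}

// registration is the component's request: its COMP CERT plus a nonce signed with COMP PRIV KEY.
type registration struct{ compCertDER, nonce, sig []byte }
// reply carries the main-channel AES-256 key wrapped with COMP PUB KEY (RSA-OAEP) and signed with CTRL PRIV KEY.
type reply struct{ key, wrapped, sig []byte } // key stays on the controller; only wrapped and sig are sent

// controllerRegister verifies COMP CERT against CTRL CERT and the proof of possession, then issues the reply.
func controllerRegister(ctrlCert *x509.Certificate, ctrlPriv *rsa.PrivateKey, reg registration) (*reply, error) {
	compCert, err := x509.ParseCertificate(reg.compCertDER)
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ctrlCert) // only CTRL CERT is trusted: a certificate from any other issuer fails Verify
	if _, err = compCert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return nil, fmt.Errorf("COMP CERT not issued under CTRL CERT: %w", err)
	}
	compPub := compCert.PublicKey.(*rsa.PublicKey) // DTS component keys are RSA, as the page states
	if err = verify(compPub, reg.nonce, reg.sig); err != nil {
		return nil, fmt.Errorf("proof of possession failed: %w", err)
	}
	r := &reply{key: make([]byte, 32)}
	rand.Read(r.key) // crypto/rand.Read does not return an error on supported platforms
	if r.wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, compPub, r.key, nil); err != nil {
		return nil, err
	}
	r.sig, err = sign(ctrlPriv, r.wrapped)
	return r, err
}

// Register issues CA -> CTRL CERT -> COMP CERT, runs the registration exchange and reports whether the
// component recovered exactly the main-channel key the controller generated.
func Register() bool {
	caPriv, ctrlPriv, compPriv := newKey(), newKey(), newKey()
	caCert := must(issueCert("DTS CA", &caPriv.PublicKey, nil, caPriv, true))
	ctrlCert := must(issueCert("DTS Controller", &ctrlPriv.PublicKey, caCert, caPriv, true))     // CTRL CERT
	compCert := must(issueCert("component-1", &compPriv.PublicKey, ctrlCert, ctrlPriv, false)) // COMP CERT
	nonce := make([]byte, 16)
	rand.Read(nonce)
	// Component -> Controller: COMP CERT plus proof of possession. Controller -> Component: signed, wrapped key.
	r := must(controllerRegister(ctrlCert, ctrlPriv, registration{compCert.Raw, nonce, must(sign(compPriv, nonce))}))
	// Component side: check the reply with CTRL PUB KEY (taken from CTRL CERT), then unwrap with COMP PRIV KEY.
	if err := verify(ctrlCert.PublicKey.(*rsa.PublicKey), r.wrapped, r.sig); err != nil {
		panic(err)
	}
	compKey := must(rsa.DecryptOAEP(sha256.New(), nil, compPriv, r.wrapped, nil))
	return bytes.Equal(r.key, compKey)
}

func main() { fmt.Println("component holds the controller's main-channel key:", Register()) }
```

Two properties of this flow are worth checking in your own implementation: because the trust pool handed to `Verify` contains only CTRL CERT, a COMP CERT from any other issuer fails the chain check before the proof of possession is even looked at, and a genuine COMP CERT presented with a signature made by some other key fails at `verify`, so neither a stolen certificate alone nor a stolen private key alone is enough to register. The component, in turn, accepts the wrapped key only after checking the Controller's signature with CTRL PUB KEY, which is what stops a third party from handing it a channel key of its own.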

Subsequent communication on the main channels is encrypted with the AES keys exchanged during registration.

Whenever a new channel is put in use, its availability is communicated to the components concerned, together with the channel's AES key. This communication is always done on an already secured channel (usually the component's main channel).
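The channel model of the last three paragraphs, as an added Go example that is not DTS code: each channel carries its own AES-256 key, every message on a channel is sealed with that key, and a new channel is announced by sending its name and key inside a message sealed for the component's main channel, so the new key never crosses the wire unprotected. AES-GCM as the mode, the JSON notice format, the channel names and the binding of the channel name as associated data are assumptions of this example; the page only states that each channel has its own AES key and that announcements travel on an already secured channel.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// must aborts the walkthrough on any error so the protocol steps stay readable.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// channel is one DTS communication channel: its name and its own AES-256 key.
type channel struct {
	name string
	key  []byte
}

func newChannelKey() []byte {
	key := make([]byte, 32)
	rand.Read(key) // crypto/rand.Read does not return an error on supported platforms
	return key
}

func (c channel) aead() (cipher.AEAD, error) {
	block, err := aes.NewCipher(c.key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts and authenticates one message under the channel key: AES-256-GCM with a random 12-byte
// nonce prefixed to the ciphertext. The channel name is bound as associated data, so a message captured
// on one channel does not verify on another channel even if both happened to share a key.
func (c channel) seal(plaintext []byte) ([]byte, error) {
	gcm, err := c.aead()
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	return gcm.Seal(nonce, nonce, plaintext, []byte(c.name)), nil
}

// open reverses seal; any modification of nonce, ciphertext or tag makes it fail.
func (c channel) open(msg []byte) ([]byte, error) {
	gcm, err := c.aead()
	if err != nil {
		return nil, err
	}
	if len(msg) < gcm.NonceSize() {
		return nil, errors.New("truncated message")
	}
	return gcm.Open(nil, msg[:gcm.NonceSize()], msg[gcm.NonceSize():], []byte(c.name))
}

// announcement is the notice the controller sends on an already secured channel when a new channel is put in use.
type announcement struct {
	Name string
	Key  []byte
}

// OpenNewChannel plays both sides: the controller creates a channel and announces it over the component's
// main channel; the component decrypts the notice, installs the channel and reads the first message on it.
// It returns that message and whether a tampered copy of it was rejected.
func OpenNewChannel() (string, bool) {
	mainCh := channel{"component-1/main", newChannelKey()} // key delivered at registration (constructed here)
	fresh := channel{"component-1/aux-7", newChannelKey()}
	// Controller side: the new key travels only inside a message sealed for the main channel.
	notice := must(mainCh.seal(must(json.Marshal(announcement{fresh.name, fresh.key}))))
	// Component side: decrypt the notice on the main channel and install the announced channel.
	var ann announcement
	if err := json.Unmarshal(must(mainCh.open(notice)), &ann); err != nil {
		panic(err)
	}
	installed := channel{ann.Name, ann.Key}
	// First message on the new channel, then a tampered copy that must fail authentication.
	msg := must(fresh.seal([]byte("hello on " + fresh.name)))
	text := must(installed.open(msg))
	tampered := append([]byte(nil), msg...)
	tampered[len(tampered)-1] ^= 0x01 // flip one bit of the GCM tag
	_, tamperErr := installed.open(tampered)
	return string(text), tamperErr != nil
}

func main() {
	text, rejected := OpenNewChannel()
	fmt.Printf("component read %q on the new channel; tampered copy rejected: %v\n", text, rejected)
}
```

The point to carry over to a real implementation is that the announcement inherits the security of the channel it is sent on: if the main channel's key were ever exposed, every channel key announced over it would be exposed too, so main-channel keys deserve the same handling as the private keys from registration. Using an authenticated mode (GCM here) rather than plain AES encryption is what makes the tampered copy fail instead of decrypting to garbage that the receiver might act on.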